EndPoint Security Engineer

Ares Management CorporationLos Angeles, CA
$240,000 - $270,000Remote

About The Position

We are seeking an experienced Cybersecurity Engineer to serve as the technical lead for enterprise endpoint defense, Microsoft 365 collaboration security, secure browsing, endpoint privilege management, and measurable security control maturity. This role will lead the design, deployment, tuning, lifecycle management, and continuous improvement of security platforms that protect corporate endpoints, servers, Microsoft 365 collaboration services, SaaS platforms, and cloud-connected assets from advanced threats while enabling reliable and frictionless business workflows. This role will work closely with Security Operations, Infrastructure, Desktop Engineering, Collaboration Services, Platform Engineering, Identity, Cloud Security, Network Security, GRC, Legal, Compliance, and other cross-functional teams to ensure endpoint, Microsoft 365, SaaS, and infrastructure security controls are secure by design, consistently deployed, operationally resilient, auditable, measurable, and aligned with enterprise security standards.

Requirements

  • 8+ years of cybersecurity, endpoint security engineering, endpoint infrastructure, or related enterprise security experience.
  • Strong hands-on expertise with endpoint security and Microsoft security platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Palo Alto secure access or secure browser technologies, CyberArk, and/or BeyondTrust.
  • Strong knowledge of Windows, macOS, and Linux operating systems, including endpoint hardening, troubleshooting, agent behavior, security baselines, and enterprise-scale deployment considerations.
  • Strong understanding of endpoint networking, TLS traffic flows, proxy behavior, host firewall behavior, and how endpoint security controls interact across endpoint, network, cloud, identity, and SaaS environments.
  • Experience with enterprise endpoint management and deployment tools such as Microsoft Intune, MECM/SCCM, Group Policy, Jamf, or equivalent platforms.
  • Familiarity with cybersecurity controls for Microsoft 365 collaboration services, SaaS platforms, Microsoft Entra ID, Azure environments, conditional access, device posture, and Zero Trust concepts.
  • Experience securing or governing Microsoft 365 collaboration workloads such as Exchange Online, SharePoint Online, OneDrive, and Microsoft Teams, including external sharing, guest access, permissions, audit logs, and data protection controls.
  • Experience with endpoint firewall products, vulnerability management processes, patch coordination, and basic network security principles.
  • Deep critical-thinking skills with the ability to analyze detections, diagnose complex endpoint issues, distinguish true threats from false positives, and drive root-cause resolution under pressure.
  • Demonstrated ability to identify repeatable operational work and implement automation using scripting, APIs, workflows, or infrastructure-as-code concepts.
  • Experience developing endpoint security metrics, dashboards, compliance reports, exception tracking, or control effectiveness reporting.
  • Effective communication and collaboration skills with the ability to work across technical and non-technical stakeholder groups.

Nice To Haves

  • Relevant certifications such as CrowdStrike Certified Falcon Administrator, GIAC, CISSP, Microsoft Security certifications, Azure Security Engineer Associate, or CyberArk/BeyondTrust platform certifications.
  • Experience with PowerShell, Python, REST APIs, Microsoft Graph API, workflow automation, or configuration-as-code approaches.
  • Experience with Microsoft Graph API, SharePoint Online Management Shell, Exchange Online PowerShell, Teams administration, or Microsoft 365 security and compliance automation.
  • Experience integrating endpoint security telemetry with corporate SIEM, SOAR, XDR, case management, vulnerability management, or data analytics ecosystems.
  • Experience implementing or supporting Microsoft 365 data protection capabilities such as sensitivity labels, DLP, retention policies, eDiscovery workflows, audit logging, Safe Links, Safe Attachments, and collaboration security reporting.
  • Experience supporting endpoint security controls in regulated, audit-driven, or financial-services environments.
  • Familiarity with Zero Trust security principles, identity-based access control, device posture, conditional access, and secure access service edge concepts.
  • Strong sense of ownership, accountability, and attention to detail.
  • Ability to lead through influence, establish technical direction, and drive execution across cross-functional teams without direct reporting authority.
  • Proven ability to develop structured processes that improve consistency, scalability, auditability, measurability, and operational efficiency.
  • Ability to manage competing priorities and deliver reliable outcomes in a dynamic enterprise environment.
  • Strong technical judgment and ability to balance security risk, operational stability, user experience, and business impact.
  • Strong communication skills for bridging technical and business perspectives, including the ability to present risks, tradeoffs, and recommendations to leadership.
  • Curiosity and growth mindset, with the ability to adapt to evolving endpoint, cloud, identity, AI, and threat landscapes.

Responsibilities

  • Lead the engineering, deployment, tuning, and scaling of CrowdStrike Falcon and/or Microsoft Defender for Endpoint platforms, including EDR, host firewall, identity protection, policy management, detection tuning, and exception handling, partnering with SOC CrowdStrike operational leadership
  • Own endpoint security platform lifecycle management, including sensor deployment strategy, upgrade planning, health monitoring, coverage gap remediation, rollback procedures, and change management coordination, partnering with SOC and Workstation operational leadership
  • Architect, engineer, and enforce enterprise-wide security policies for secure enterprise browser technologies, including solutions such as Palo Alto Prisma Access Browser, partnering network operational leadership
  • Engineer and mature security controls across Exchange Online, SharePoint Online, OneDrive, Microsoft Teams, and related Microsoft 365 workloads, including external sharing governance, guest access, link-sharing controls, tenant configuration baselines, collaboration risk reduction, and secure productivity enablement.
  • Engineer and maintain global Endpoint Privilege Management solutions using CyberArk and/or BeyondTrust to reduce or eliminate standing local administrator rights while preserving operational continuity.
  • Build robust automation workflows and playbooks using PowerShell, Python, APIs, or workflow platforms to streamline deployment validation, threat containment, reporting, exception review, and control compliance.
  • Act as the engineering escalation point for complex endpoint incidents, security tooling issues, agent conflicts, detection gaps, and root-cause investigations in partnership with Security Operations and Infrastructure teams.
  • Develop and review baseline security configurations aligned with CIS Benchmarks, NIST guidance, and enterprise standards for Windows, macOS, and Linux endpoints. Partner with vulnerability threat management (VTM) team as they report and manage compliance in this space.
  • Integrate endpoint telemetry with SIEM, SOAR, XDR, vulnerability management, and reporting platforms to improve detection fidelity, response readiness, and measurable control effectiveness.
  • Partner on Microsoft Defender for Office 365, Microsoft Purview, audit logging, sensitivity labeling, DLP, retention, eDiscovery support, and Microsoft 365 Secure Score improvements to strengthen collaboration security and data protection outcomes.
  • Create and maintain technical documentation, runbooks, dashboards, operational procedures, and audit evidence for endpoint security controls.
  • Collaborate with Security Operations, Infrastructure, Desktop Engineering, Collaboration Services, Identity, Cloud Security, Platform Engineering, Network Security, GRC, Legal, Compliance, and other cross-functional partners to implement endpoint, Microsoft 365, SaaS, and infrastructure security improvements.
  • Translate complex endpoint security risks, platform limitations, compliance needs, and technical issues into clear, actionable recommendations for both technical and non-technical stakeholders.
  • Support vendor governance activities, including technology evaluation, roadmap alignment, service provider coordination, issue escalation, operational performance reviews, and contract or capability assessments.
  • Partner with change management, audit, and compliance teams to ensure endpoint security changes are properly assessed, documented, approved, implemented, validated, and evidenced.
  • Partner with collaboration platform owners, business stakeholders, Legal, and Compliance to define and operationalize secure collaboration standards, including external sharing, guest access, sensitivity labeling, retention, and data loss prevention requirements.
  • Contribute to knowledge sharing across the team and mentor others on endpoint security architecture, troubleshooting practices, control validation, automation, and operational standards.

Benefits

  • Comprehensive Medical/Rx, Dental and Vision plans
  • 401(k) program with company match
  • Flexible Savings Accounts (FSA)
  • Healthcare Savings Accounts (HSA) with company contribution
  • Basic and Voluntary Life Insurance
  • Long-Term Disability (LTD) and Short-Term Disability (STD) insurance
  • Employee Assistance Program (EAP)
  • Commuter Benefits plan for parking and transit
  • Access to a world-class medical advisory team
  • A mental health app that includes coaching, therapy and psychiatry
  • A mindfulness and wellbeing app
  • Financial wellness benefit that includes access to a financial advisor
  • New parent leave
  • Reproductive and adoption assistance
  • Emergency backup care
  • Matching gift program
  • Education sponsorship program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service